The Mac Landscape: Full of Empty Threats? - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 11-19-2006, 09:53 AM   #1 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,817
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default The Mac Landscape: Full of Empty Threats?

I know this reads Mac but it applies to everything


Believe or not, there is a lot of information out there that will tell you that OS X is just as bad in terms of security breaches as any other Operating System. The obvious question is Then why don’t Macs get attacked ? The answer according to this author is that due to the market share, it really isn’t worth the time.



The report focuses its attention on the obvious answer, the standard one for this question: The Mac is less popular, so there's less incentive to write exploits and malware for it. There's as much reason to believe this as ever, since overall Mac market share hasn't moved much in the last few years, in spite of stories about its tremendous growth. Nor would I assume its share of the installed base of systems, a more important number, has grown much over the last few years.



Now before you fire up that e-mail client let me just say this: This isn’t a situation that is simply relegated to Apple. You see it in the browser market and so on. If FireFox picked up 35% of web browser usage you can bet exploits would be flying out of the wood work.



When it first came out in July, Symantec's report "The Mac OS X Threat Landscape: An Overview" revealed a collection of vulnerabilities and potential attacks that rivaled any major operating system (at least in their shipping versions).

The updated version, released earlier this week, reinforces these conclusions, and in fact things are getting worse.

ADVERTISEMENT And yet Macs are not widely attacked, as are Windows systems. In fact, from what I can tell from the monitoring I do of discussions on the matter, Linux boxes are more likely to be attacked, successfully or otherwise, than the average Mac, and there are a lot more Macs out there than Linux boxes.

The Symantec report does no original research; it's all based on publicly available research and vulnerability disclosures from Apple. On the disclosure issue, the report shows graphically that the frequency of vulnerability disclosures for Apple software has been on the increase in recent years. Just recently the Month of Kernel Bugs project revealed a bug in the OS X kernel's fpathconf() system call that could allow a DOS and that was fixed in FreeBSD, the antecedent of OS X, back in June 2000.


The report also discusses more general points that are key to assessing the security state of OS X. One is that the OS has been out for some time now and key components of it, such as the heap manager, are better understood. As Microsoft's Robert Hensing says, "Understanding how something works is the first step in breaking it. )."

The other general point I didn't appreciate before is the implications of the two-layer kernel. To quote the report:

The OS X operating system is based on FreeBSD, with a set of additional tools and frameworks (such as Core Foundation) built on top. The underlying kernel used by OS X is Darwin, a Mach-based kernel. Because Mac OS X is a UNIX-based operating system, it inherits all its built-in security features, such as a well-designed multiuser infrastructure as well as process and file attributes. It integrates functionality from BSD and Mach kernels, allowing both to interoperate independently.
"Well-designed" as it may be, this two-layer kernel has an abnormally large attack surface because there are two kernels.

Apple has encrypted critical parts of its operating system to protect it from software pirates, according to a researcher. Click here to read more.

This is not just a theoretical argument. The report goes on to cite research by Nemo on uninformed.org showing how BSD security can be bypassed because of flaws in the integration between Mach and BSD in the OS X kernel.

The Symantec researcher argues that they are seeing more activity in the Mac arena, including exploit development, all the time. They argue that the move to x86 architecture will assist this, although I've been skeptical of this argument in the past. They point out a great deal of work done in rootkits for OS X. They point out that OS X has not employed advanced defensive techniques like address space layout randomization or even simpler ones like stack canaries.


OK! I'm sold! Mac OS X has myriad opportunity for attack. So where are all the attacks? How come there aren't armies of Mac botnets? Why aren't there scores of new malware samples for the Mac every day?

The report focuses its attention on the obvious answer, the standard one for this question: The Mac is less popular, so there's less incentive to write exploits and malware for it. There's as much reason to believe this as ever, since overall Mac market share hasn't moved much in the last few years, in spite of stories about its tremendous growth. Nor would I assume its share of the installed base of systems, a more important number, has grown much over the last few years.

There are even fewer Linux or Solaris systems out there, and they get attacked all the time, both through kernel vulnerabilities and application bugs. What explains this difference? Perhaps those who research and write attacks are more familiar with Linux and Solaris. Perhaps these systems are more likely to be servers and therefore more easily targeted for attack. Perhaps these systems are more likely to be business systems and are therefore a better target. Perhaps this is why Apple is not showing an interest in the enterprise.

I'm still stumped. All of these explanations make sense, and somehow they're all unsatisfying. One thing is clear: Mac users are really lucky so far.

http://www.eweek.com/article2/0,1895,2059980,00.asp
__________________

__________________
Osiris is offline  
Old 11-19-2006, 03:21 PM   #2 (permalink)
Banned
 
Join Date: Sep 2005
Posts: 5,191
Default

kthxbye roffle
__________________

The General is offline  
Old 11-19-2006, 10:25 PM   #3 (permalink)
Monster Techie
 
Join Date: Aug 2006
Posts: 1,585
Default

i never know if you just cut and paste from sources or make your own reports from info out there...so can't tell if you ever actually put your own input in there

That said, it goes back to the numbers game and the FACT that software is software, no matter who makes it or how much they try to convince you it's so secure, it is only as secure as it's functionality, or lack there of, allows. Macs are not functional, and by that, I mean, they are far less functional out of the box than a PC environment. That said, they are more secure by default...but that is more a situation of the PC environment functionality being lessened, to perform like Macs.

To do one thing only and do it adequately. Before any mac fanatics argue otherwise, that is simply fact...that may have changed but not long ago, the Mac environment did not believe in multi-tasking. You save a file and that's all you could do, until it was done saving a file. 1 button mice? Please, that's an example.

This is the same principle as travelling by plane is safer than automobile. It is inherently false, but by numbers remains true. The airline industry wants you to think it's safer by saying there are less accidents, and although true (in numbers)...they are not using equal environments.
atomic tofu is offline  
Old 11-20-2006, 10:40 AM   #4 (permalink)
Law
Wizard Techie
 
Law's Avatar
 
Join Date: Aug 2005
Location: the data closet
Posts: 4,200
Default

Simply put, "There will always be flaws, it was created by humans"
__________________

Law is offline  
Old 11-20-2006, 11:57 AM   #5 (permalink)
Banned
 
Join Date: Sep 2005
Posts: 5,191
Default

Quote:
Originally posted by atomic tofu
i never know if you just cut and paste from sources or make your own reports from info out there...so can't tell if you ever actually put your own input in there

That said, it goes back to the numbers game and the FACT that software is software, no matter who makes it or how much they try to convince you it's so secure, it is only as secure as it's functionality, or lack there of, allows. Macs are not functional, and by that, I mean, they are far less functional out of the box than a PC environment. That said, they are more secure by default...but that is more a situation of the PC environment functionality being lessened, to perform like Macs.

To do one thing only and do it adequately. Before any mac fanatics argue otherwise, that is simply fact...that may have changed but not long ago, the Mac environment did not believe in multi-tasking. You save a file and that's all you could do, until it was done saving a file. 1 button mice? Please, that's an example.

This is the same principle as travelling by plane is safer than automobile. It is inherently false, but by numbers remains true. The airline industry wants you to think it's safer by saying there are less accidents, and although true (in numbers)...they are not using equal environments.
Incorrect. It is a well known fact that some software is more secure than others. It is also a well known fact that some software is more stable that others. If you deny these facts, then anything you say about computers will be disregarded by me, as clearly you have some denial issues.

Yes, there are more Windows users than Mac OS users. That doesn't mean it's the only reason Windows is more effected by malicious software than Macs. That just means that there are more Windows users than Mac OS users.

How can you say a Mac is less functional out-of-box than a PC environment?

1. What is a PC environment?
2. Macs come with all sorts of software on them, video editing, audio mixing, image editing, music organization. Windows comes with Movie Maker (you know, that program no one uses), sound recorder, Windows Media Player (you know, that media player that isn't iTunes), and notepad. Oh, and Internet Explorer (you know, that web browser that n00bs use).

Mac OS is a thousand times more functional than Windows out-of-box. In Windows, first thing you do is open IE and go to getfirefox.com, from that point you have to download all sorts of stuff to use on your computer. What use is a fresh install of Windows if you don't have an internet connection? I could take a Mac and use it for months on end without an internet connection, because it comes with all sorts of software.

Oh, and don't forget that 0% of Macs are effected by viruses. So what they say in commercials is true. They don't get viruses. You can't deny that. They just don't.

Enough of that.

Where are my Linux viruses?
The General is offline  
Old 11-20-2006, 12:09 PM   #6 (permalink)
Banned
 
Join Date: Sep 2005
Posts: 5,191
Default

Oh my, I didn't even finish reading your post. Maybe Macs didn't "believe" in multi-tasking back in 1983 (yes, before Windows) but saying "not long ago" would make someone think that in 1999 they didn't believe in multitasking, which is just a blatant lie. 1 button mouse? PLUG A 2 BUTTON MOUSE IN. OMG. That, and there are about 120 buttons on your keyboard. Get real dude.

I have a Mac Classic II from 1991. Yes, this one, yes the one DJ Tanner had on Full House, yes it has a 1 button mouse. I can run Excel, Word, and all sorts of programs at once. Would you like me to record a video of it? Nah.

Wow, I'm totally done with you, you're just another Zune buying Microsoft fanboy.
The General is offline  
Old 11-20-2006, 02:01 PM   #7 (permalink)
Monster Techie
 
Join Date: Aug 2006
Posts: 1,585
Default

lol...

I'm not going to say much...not going to try.

All I can say is, when someone has anger filled in their posts...as well as arrogance, it lends less to the credibility of their arguement. Trust me, I'm open minded...but my mind closes when it encounters such things.

So, I won't argue...but I am proud to have changed all the computers at a company I used to work for who believed in macs...to PCs

lighten up...choose what you will and let others do as they wish.

I just have to ask you...when did they release 2 buttons for macs...only curious and not implying anything. Also, when did they fully implement multi tasking?

I'm 33 now...when I was 26 and working on macs...I could not do more than 1 thing at a time. This was on "top of the line" G3s...etc

And here's the scenario, you could argue against or not. I asked them for a PC that I could use. That PC never needed a maintenance to come and fix. Sure there could have been something unusual going on with their macs...I'm open minded. But my time with this company and the macs...and looking in mac software catalogs for software to recover corrupted files (from regular and known corruption)...showed me that no matter what you like or hate...it's all the same.

PCs rule! Beos did too
atomic tofu is offline  
Old 11-20-2006, 02:19 PM   #8 (permalink)
Banned
 
Join Date: Sep 2005
Posts: 5,191
Default

Quote:
Originally posted by atomic tofu
lol...

I'm not going to say much...not going to try.

All I can say is, when someone has anger filled in their posts...as well as arrogance, it lends less to the credibility of their arguement. Trust me, I'm open minded...but my mind closes when it encounters such things.
How could your mind close any more than it is already?

Quote:
Originally posted by atomic tofu
So, I won't argue...but I am proud to have changed all the computers at a company I used to work for who believed in macs...to PCs

lighten up...choose what you will and let others do as they wish.
So you brainwashed all of your co-workers, then you tell me to choose what I will and let others do as they wish? Great. Oh, not you mention your spreading misinformation via your previous post.

Quote:
Originally posted by atomic tofu
I just have to ask you...when did they release 2 buttons for macs...only curious and not implying anything. Also, when did they fully implement multi tasking?
Apple first started making multi-button mice like last year or something, but before that you could just plug whatever mouse you want into a Mac and it has the same functionality as you would expect in Windows ... instead of CTRL+click, its right click...

And apparently they "fully implemented" multi-tasking before 1991, because like I said, my Mac from 1991 (running OS4 or something) lets me multi-task just fine.

Quote:
Originally posted by atomic tofu
I'm 33 now...when I was 26 and working on macs...I could not do more than 1 thing at a time. This was on "top of the line" G3s...etc
Cool, you used an old Mac, awesome, your opinion of them MUST be 100% accurate.

Quote:
Originally posted by atomic tofu
And here's the scenario, you could argue against or not. I asked them for a PC that I could use. That PC never needed a maintenance to come and fix. Sure there could have been something unusual going on with their macs...I'm open minded. But my time with this company and the macs...and looking in mac software catalogs for software to recover corrupted files (from regular and known corruption)...showed me that no matter what you like or hate...it's all the same.

PCs rule! Beos did too
Yes, PCs rule, but Windows doesn't. That's why I have a PC and run Linux.
The General is offline  
Old 11-20-2006, 02:57 PM   #9 (permalink)
Repeat Offender
 
superdave1984's Avatar
 
Join Date: Aug 2006
Location: South Fulton, TN
Posts: 1,980
Default

I think it depends largely on what you use it for. A Mac does multimedia much better than a PC. It just does. A PC seems better suited for a work environment. Is it because of software? I don't know. But that's the way it is. Windows, Linux, OSX, whatever you use doesn't matter. If it works for you and you like it. GREAT! Otherwise get something else.
__________________
Change the world. Of one person. Today.

If your equation requires either a complex combination of variables to get the desired result OR you can't seem to get the result regardless of the variables....it ain't your variables, it's your constant.
superdave1984 is offline  
Old 11-20-2006, 05:48 PM   #10 (permalink)
Monster Techie
 
Join Date: Aug 2006
Posts: 1,585
Default

freedom is great right dave?

semantics though...PCs...Mac people I know don't want to call their personal computers PCs...they have something against the term. I'm sure we all know, a personal computer could be a personal computing device...but we all have to use appropirate terms right?

Why do you think the term PC compatible exists, and not just PC? But it will all be PC eventually, in about 5 years...now that Macs use PC hardware.

You know you love it...pretty soon it will just be a Mac theme for Windows...just for nostalgia!

Oh, I'm just having fun and really hope you're not as angry as you sound...really. You know I do that to friends and they know I'm only nudging them...poke poke

Apple IIe wasn't bad
__________________

atomic tofu is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 01:10 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.